“As noted by German-language security blog H Security, SRLabs has posted video evidence that the fingerprint scanner on Samsung’s Galaxy S5 can easily be spoofed using a lifted print,” Zach Epstein reports for BGR. “In mere minutes, the group was able to create a ‘dummy finger’ using an actual fingerprint to gain unauthorized access to the phone.”

“With Apple’s Touch ID system, users are required to input their password one time before using a fingerprint for authentication. The password must be used again once each time the device is rebooted. This extra step seems annoying, but it prevents the very spoof achieved by SRLabs,” Epstein reports. “On Samsung’s Galaxy S5 however, no password is needed to access the device. Even after a reboot, a simple swipe of a finger will unlock the phone. And what could be much more alarming is the fact that, even after a reboot, users don’t need a password to access PayPal and make payments through the app if it has been configured for fingerprint authentication.”

The thing is… Samsung doesnt really move the interest needle in the media…

Now if they were to pair this info with the fact that Samsung just released their S5… that would be huge…

In fact… At some point, it’s about time Apple mentioned it in their release of the 6… or at their WWDC. When talking about their fingerprint scanner say, “We at Apple would hate for our valued customers to have their accounts compromised to thieves as they do with many of Samsungs phones.”

Can’t argue against “many” (millions), can’t argue against “compromised”(tested by a non-Apple owned entity), and worse yet Samsung phones(it’s obvious which Galaxy version they are talking about).

They claimed it took the same amount of time because the mold used for the Scamsung hack was the same mold from the same hand as the one used for the iPhone spoof as well. They kept the mold and reused it for this one.

If you read the real article these guys used the same mold that it took them hours to make for the iPhone… the same exact mold from the same hand they used to spoof the iPhone. BGR reported that this Samsung hack took minutes however it only ‘took minutes’ because they already created the mold they used a year ago when spoofing iPhones fingerprint reader. Had that mold not already existed it would have taken the 20+ hours it did originally for the iPhone. The difference here is Apple was smart enough to build safeguards of a password; Samsung was not.

This is an outrage! Conspiracy!! Those responsible for those false claims and anyone vile enough to republish their lies will be sued for smearing our good reputation to the tune of a billion dollar per offense!

Thing is, I remember reading about the supposed “hack” of Touch ID, and I never bought it. It was never satisfactorily explained how this fake print worked, given that Touch ID works via capacitance, not pressure, and so won’t mistake plastic for flesh. At the time, many people speculated the hack videos were a hoax, that the phone was actually reading the print of the operator through the plastic. So I don’t know what to think of this.

I don’t think you understand how capacitive screens work mate. Not a knock on you, just stating that because it’s not just ‘flesh’ that capacities react to. For example if you have a water bottle (like a deer park bottle) for instance and it’s full of water; if you rub the bottle on your screen it will react as if your finger was touching it. Likewise they have capacitive styluses and also gloves that have capacitive reacting materials in them so you can use your phone while gloves are on. All that to say, there are materials that create the capacitive interference which capacitive screens measure and react to; it doesn’t have to be human flesh.

Of course, but I saw no evidence the fake fingerprint was made out of any of those materials. My understanding is that the fake fingerprint is something akin to a rubber mold. I can’t see why that would register as a touch.

the group says they got a 2400 dpi scan of a fingerprint to make the rubber fingerprint.
A photo in a glossy magazine is reproduced only about 300 dpi. A 2400 dpi scan is very high resolution which means that very fine details is needed. ( a 2 x 2 inch scan at 300 dpi is a third of a MB in size, a 2400 scan is 22 MB. )

I doubt you would get enough detail from for example a smudgy glass print. ( a 2400 scan of a smudge is still a smudge. You just get a high res smudge, all the fine lines is missing)
Did they actually place the real finger on a high res scanner to make the mould? In which case you need the real finger.

I’m not expert on fingerprint spoofing etc. so I’ve never posted my doubts above before but it’s been nagging me.